Creating a private cloud would radically change how intelligence is shared.

FCW, a federal IT blog, reported yesterday that its sources confirmed that the CIA has inked a deal with Amazon, agreeing to a cloud computing contract “worth up to $600 million over 10 years.” These sources suggested to FCW that Amazon Web Services will help the intelligence agency build a private cloud network so that it can “keep up with emerging technologies like big data in a cost-effective manner not possible under the CIA's previous cloud efforts.”

FCW also reports that the CIA's IT department has outlined efforts to promote "greater integration, information sharing, and information safeguarding through a common (intelligence community) IT approach that substantially reduces costs." The blog points out that comments such as these imply that there may be some changes coming to the way the CIA and other intelligence agencies share data—a marked departure from the isolated private clouds that the CIA is known to be using presently.

Spokespeople for the CIA and Amazon declined to comment to FCW. But the blog noted that at recent speaking engagements, CIA officials have mentioned Amazon as a model for cost-effective data management. At a gathering of Northern Virginia Technology Council board members last week, two audience members apparently told FCW that CIA Chief Information Officer Jeanne Tisinger said the agency was working "with companies like Amazon."

Industry experts speculated that such a deal could be significant in helping the CIA rein in budgets by outsourcing the project to an experienced company rather than designing cloud-computing infrastructure in-house.

38 Reader Comments

Because, you know, they need somewhere to store all those wiretaps, email records, sms records, and cell phone location records for cheap. And Amazon now has data in its servers that Google could only dream of getting.

It says Amazon will be helping them build an efficient cloud solution, not hosting them in their own cloud. I applaud the effort to improve efficiency and information sharing as long as it saves us taxpayers money.

Heck, even if they were storing in Amazon's cloud, no doubt it would all be heavily encrypted client side anyway. Nothing would hit Amazon's servers that wasn't encrypted up the wazoo.

THIS IS THE CIA!!! They're the ones who spend all their time BREAKING all those crypto algorithms! The CIA needs physical security of their data. They can NOT give that up to anyone else, no matter how many rounds of AES4096 they've put it through...

Us plebs can trust our data to strong encryption because the effort to break it is astronomical, and all that effort would just get someone our bank account number, but THE DAMN CIA can't just do so... Getting access to their data is something Russia, China, and others would happily build a supercomputer just to get at... Just as the CIA is building supercomputers to get at the encrypted data of other countries.

Strong crypto is awesome, but it is NOT invulnerable. The only method that fits that description is one-time pads, and with those, the data (think: password) needed to decipher it is at least equally as large as the original data set, so there's no benefit there.

$600 million over 10 years? That's chump change for Amazon. If there's anything of interest here it's what will be developed in the process (unless of course it becomes another total failure [1]).

Affinityjb wrote:

It says Amazon will be helping them build an efficient cloud solution, not hosting them in their own cloud. I applaud the effort to improve efficiency and information sharing as long as it saves us taxpayers money.

Usually I'm all for the government being more efficient and everything, but think I'll make an exception when it comes to being able to run queries on me faster. =P

Everyone ignore rcxb, neither the CIA nor the NSA have magic codebreaking abilities. RSA 2048+ and AES256 are still safe.

Any entity breaking algorithms needs mathematicians for this. There's also math geeks with similar assumed skills elsewhere in the world, that would be publishing any really significant weaknesses. Yet there are none. Unless you subscribe to assassination theories.

I would hope they take all the steps to ensure cloud security, be a shame if information incriminating the government in illegal activities were to leak....

Don't be shocked. This is not the first time a government agency has contracted with a third-party private sector company. And the word "private" seemed to be used lavishly enough to suggest that they may be using the Internet substructure, but this new system will not be directly accessible from the WWW. Not that that is accurate but it's how that reads. As for security, there seems to be no mention of it and yes, a leak will be bad.

Why would the CIA or any military organization in the US use a public cloud? If they have government data centers that are physically isolated.

The explanation is that they need to be linked or have access to the Amazon Cloud, possibly to spy or filter data directly from users using Amazon Cloud? Otherwise it makes no sense.

Amazon uses virtualization like any cloud provider, which so far is considered secure, each machine is isolated from the rest, but it's not perfect either. How secure is each machine or isolated in the same nodes regarding other users' data? Can virtualization layers be broken and intercept internal VM communications? These are important questions we need to ask, regardless if it's VMware, KVM or Xen which is what I think Amazon uses.

This can mean only 2 things, virtualization is not that secure, the CIA knows it and this is why they want to be in the same Amazon Cloud services, or virtualization is absolutely so secure that the CIA trusts it to be hosted in the same network, storage where other companies are stored.

This of course assuming Amazon does not separate them physically from the rest of the cloud, if they do, then what is exactly the point in using their cloud then?

Everyone ignore rcxb, neither the CIA nor the NSA have magic codebreaking abilities. RSA 2048+ and AES256 are still safe.

Any entity breaking algorithms needs mathematicians for this. There's also math geeks with similar assumed skills elsewhere in the world, that would be publishing any really significant weaknesses. Yet there are none. Unless you subscribe to assassination theories.

Safe for some time, everything can be broken with enough computing power, and since they probably have access to quantum computers, or they will soon enough, I don't think there is any encryption which is safe.

It says Amazon will be helping them build an efficient cloud solution, not hosting them in their own cloud. I applaud the effort to improve efficiency and information sharing as long as it saves us taxpayers money.

Hopefully it won't turn into another NMCI fiasco, a la EDS & the Navy.

For those of you speculating that the CIA is considering putting sensitive data in a public cloud in any form, here are two quotes from the source article which should put those fears to rest (though common sense should be enough to know that no classified data would ever get put in a public cloud, emphasis mine):

Source article wrote:

Hunt has also spoken publicly in the past about the potential for leveraging public cloud infrastructure for non-classified information....While the full scope of its current contract with Amazon is not yet clear, it is likely this contract essentially brings a public cloud computing environment inside the secure firewalls of the intelligence community, thereby negating concerns of classified data being hosted in any public environment.

While no one publicly knows for sure, there is no way any security minded organization, especially not the CIA, would allow classified data out like that, encrypted or not.

There is far too much tinfoil in this thread. To be honest it is no surprise, given the coverage that has been given on the abysmal state of the federal IT infrastructure. The various news articles bemoaning the faltering nature of the FBI databases as well as the lack of inter-agency and inter connected systems foretold this. The only eyebrow raising part of this is that the government made such a good decision to outsource the labor of designing and managing the hardware to a proven corporation and didn't do the typical route of hiring consultants that designed a boondoggle whose primary purpose was to leech money and a lucrative contract out of the government.

Regardless of how you feel about the government having better access to data, this is probably a lot cheaper and more reliable than the task of maintaining hundreds of independent systems across the various agencies that utilize them.

Everyone ignore rcxb, neither the CIA nor the NSA have magic codebreaking abilities. RSA 2048+ and AES256 are still safe.

Any entity breaking algorithms needs mathematicians for this. There's also math geeks with similar assumed skills elsewhere in the world, that would be publishing any really significant weaknesses. Yet there are none. Unless you subscribe to assassination theories.

There's nothing magic about it. I didn't say AES was cracked wide open. There are constantly *minor* vulnerabilities published about common ciphers that reduce the rounds needed to break it. The NSA (not the CIA as I incorrectly said) has always been ahead of private cryptographers, even though their lead today is not as astronomical as it was in the early days of DES and the like. Even if they weren't, they have the benefit of all that public information, in addition to their own private research which is never shared.

And finally, everything is vulnerable to an adversary with enough resources, and we're talking about superpowers who are willing to spend hundreds of billions of dollars to get at each others' secrets, and who have access to advanced technology before the rest of us even hear about it.

Safe for some time, everything can be broken with enough computing power, and since they probably have access to quantum computers, or they will soon enough, I don't think there is any encryption which is safe.

Quantum computing isn't a magic bullet. There are a few methods which are just as resistant to quantum computers as they are to current electronic computers. They aren't remotely as common as the more vulnerable methods, though.

It says Amazon will be helping them build an efficient cloud solution, not hosting them in their own cloud. I applaud the effort to improve efficiency and information sharing as long as it saves us taxpayers money.

I attended the AWS Gov Summit in 2011. Even back then Gus Hunt (the CIA's CTO) was talking about exactly this: not blindly putting everything in the cloud (which the AWS speakers were also telling .gov attendees *not* to do) but using it for things which you aren't running at high enough utilization to be cost effective: keep your always-on servers in your own machine room and use AWS VPC for development, one-off batch or analysis jobs, bursting web traffic, etc.

Traditionally many large organizations have been very conservative about outsourcing capacity but your hand is somewhat forced when your data center is full and the price tag for a new one (or more power / HVAC) has 7-8 zeroes on the end.

Now that's amazing. After Facebook, it is now time for Amazon. This is probably the reason why the local search of files in Ubuntu Linux is being logged and given to Amazon. I am not against Canonical doing this as this is quite normal, since MS is also logging searches in MS HQ. Try opening the search window and you'll notice a TCP connection to MS HQ.